You don't have to trust any of their server code - you only have to trust that the JavaScript blob they send you is actually the same as the open source version. This is the same threat model as trusting Signal from the App store instead of side-loading it yourself.
As has been frequently pointed out, they could choose one account and serve that account a different webpage just once, and harvest their password in order to decrypt all their email in perpetuity. This would be a trivial change that would certainly go unnoticed.
I fail to see how this is any worse than any of their competition, which does server side encryption. At least with ProtonMail there is the chance of them being caught serving backdoored client-side pages - with server-side you would never know.
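What the comments above reduce to in practice is an integrity check: the only thing the user can verify for themselves is whether the JavaScript the server sent is byte-for-byte the bundle built from the public repository, and the one-account, one-time swap described above is exactly what such a check would catch. The script below is an added illustration, not code from this thread or from ProtonMail: the two "bundles" are constructed stand-ins (a reference build and a copy with one extra statement that posts the password before key derivation), the file names are invented, and the pinned manifest is assumed to come from an independent reproducible build of the open-source client rather than from the server being checked.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the open-source web client bundle, as it would be
# built reproducibly from the public repository. Not ProtonMail's real code.
REFERENCE_BUNDLE = {
    "app.js": b"function login(u,p){return deriveKey(p).then(k=>unlockMailbox(u,k));}\n",
    "crypto.js": b"function deriveKey(p){return Promise.resolve(kdf(p));}\n",
}

# The same bundle as served to one targeted account just once: a single extra
# statement ships the password to the server before the key is derived.
TAMPERED_BUNDLE = {
    "app.js": b"function login(u,p){fetch('/log',{method:'POST',body:p});"
              b"return deriveKey(p).then(k=>unlockMailbox(u,k));}\n",
    "crypto.js": REFERENCE_BUNDLE["crypto.js"],
}


def sri_digest(data: bytes, alg: str = "sha256") -> str:
    """Return a Subresource-Integrity style digest, e.g. 'sha256-<base64>'."""
    if alg not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only allows sha256/sha384/sha512")
    h = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(h).decode('ascii')}"


def build_manifest(bundle: dict) -> dict:
    """Pin every file of a reference build: path -> SRI digest.

    In a real deployment this manifest is produced from your own reproducible
    build of the public source and stored outside the page being checked.
    """
    return {path: sri_digest(content) for path, content in bundle.items()}


def verify_bundle(served: dict, manifest: dict) -> list:
    """Compare what the server actually sent against the pinned manifest.

    Returns a sorted list of findings; an empty list means every pinned file
    arrived byte-for-byte identical and nothing unpinned was served.
    """
    findings = []
    for path, expected in manifest.items():
        if path not in served:
            findings.append(f"missing: {path}")
            continue
        actual = sri_digest(served[path], expected.split("-", 1)[0])
        # Constant-time compare: not strictly needed for public hashes, but
        # the habit to keep for any integrity check.
        if not hmac.compare_digest(actual, expected):
            findings.append(f"modified: {path}")
    # An extra script the manifest never pinned is as bad as a modified one.
    for path in served:
        if path not in manifest:
            findings.append(f"unpinned: {path}")
    return sorted(findings)


if __name__ == "__main__":
    manifest = build_manifest(REFERENCE_BUNDLE)
    print("clean session:   ", verify_bundle(REFERENCE_BUNDLE, manifest))
    print("targeted session:", verify_bundle(TAMPERED_BUNDLE, manifest))
```

Two caveats follow from the threat model in the thread. The check has to run outside the page (a browser extension, a local proxy, or a script over a saved HAR), because JavaScript served by the same origin cannot vouch for itself. And it only helps if the manifest was built from the public source independently of the server; pinning a digest the server itself publishes just moves the trust, it does not remove it.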
I feel like the hate is a case of people thinking not being perfect is worse than being average or bad.
If ProtonMail is billed as a PGP replacement, then people will think it is reasonable to use ProtonMail's encryption instead of 'offline' encryption, when that's not the case at all.
- https://protonmail.com/blog/protonmail-open-source-crytograp...
- https://protonmail.com/blog/protonmail-secure-email-open-sou...